Sponsored Ads

The Web Security Mailing List

A pretty nasty DNS vulnerability has been discovered in 81 products by
Dan Kaminsky. This vulnerability type
seems to be the same described by Amit Klein and involves abusing the
PRNG involved in transactions on DNS queries. Long story short
if you run a vulnerable caching DNS server you can have your cache
poisoned. From CERT

"The DNS protocol specification includes a transaction ID field of 16
bits. If the specification is correctly implemented and the transaction
ID is randomly selected with a strong random number generator, an
attacker will require, on average, 32,768 attempts to successfully
predict the ID. Some flawed implementations may use a smaller number of
bits for this transaction ID, meaning that fewer attempts will be
needed. Furthermore, there are known errors with the randomness of
transaction IDs that are generated by a number of implementations. Amit
Klein researched several affected implementations in 2007."